Lockheed Martin is partnering with the SANS Institute to reduce cyber security vulnerabilities that may be introduced during software development. Through the Global Information Assurance Certification (GIAC) Secure Software Programmer (GSSP), Lockheed Martin developers will be given skills to enhance the security of the code they write.
Lockheed Martin developers will be offered assessments, skills development, and certification for secure coding through the SANS Institute. The GIAC GSSP examinations offered by SANS measure mastery of the essential competencies for secure programming developed by the Secure Programming Council, a consortium of individuals and organizations. The examinations, which use questions with code examples, are currently available for Java, C, and .NET developers, and are offered through the SANS Institute.
Initially, the SANS/Lockheed Martin project will let Lockheed Martin assess the secure coding skills of 75 programmers, provide training to improve their skills, and certify its developers through a rigorous certification exam. Based on the results of the assessment and training, the program may be expanded to train a broader developer workforce.
"Lockheed Martin integrates all aspects of information assurance into every solution it delivers and continues to invest in proactive security measures," said Dr. Eric Cole, Senior Cyber Security Fellow at Lockheed Martin. "We are committed to improving secure software development practices and are certifying our employees who are working in the area of cyber security on customer programs," he continued.
Secure coding best practices can reduce risk to Federal agencies that depend on Internet-facing web applications to deliver services to citizens. Carnegie Mellon University estimates that up to 90 percent of reported security incidents result from the exploitation of defects in software code or design.